OESA-2026-2634

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2634
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2634.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2634
Upstream
  • CVE-2026-48863
Published
2026-06-12T12:25:31Z
Modified
2026-06-12T12:45:09.515082554Z
Summary
libsolv security update
Details

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks:

Security Fix(es):

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.(CVE-2026-48863)

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repo_add_solv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).(CVE-2026-9149)

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.(CVE-2026-9150)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / libsolv

Package

Name
libsolv
Purl
pkg:rpm/openEuler/libsolv&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.24-5.oe2403sp1

Ecosystem specific

{
    "aarch64": [
        "libsolv-0.7.24-5.oe2403sp1.aarch64.rpm",
        "libsolv-debuginfo-0.7.24-5.oe2403sp1.aarch64.rpm",
        "libsolv-debugsource-0.7.24-5.oe2403sp1.aarch64.rpm",
        "libsolv-demo-0.7.24-5.oe2403sp1.aarch64.rpm",
        "libsolv-devel-0.7.24-5.oe2403sp1.aarch64.rpm",
        "libsolv-tools-0.7.24-5.oe2403sp1.aarch64.rpm",
        "perl-solv-0.7.24-5.oe2403sp1.aarch64.rpm",
        "python3-solv-0.7.24-5.oe2403sp1.aarch64.rpm",
        "ruby-solv-0.7.24-5.oe2403sp1.aarch64.rpm"
    ],
    "src": [
        "libsolv-0.7.24-5.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "libsolv-0.7.24-5.oe2403sp1.x86_64.rpm",
        "libsolv-debuginfo-0.7.24-5.oe2403sp1.x86_64.rpm",
        "libsolv-debugsource-0.7.24-5.oe2403sp1.x86_64.rpm",
        "libsolv-demo-0.7.24-5.oe2403sp1.x86_64.rpm",
        "libsolv-devel-0.7.24-5.oe2403sp1.x86_64.rpm",
        "libsolv-tools-0.7.24-5.oe2403sp1.x86_64.rpm",
        "perl-solv-0.7.24-5.oe2403sp1.x86_64.rpm",
        "python3-solv-0.7.24-5.oe2403sp1.x86_64.rpm",
        "ruby-solv-0.7.24-5.oe2403sp1.x86_64.rpm"
    ],
    "noarch": [
        "libsolv-help-0.7.24-5.oe2403sp1.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2634.json"